According to Researcher Mathy Vanhoef, the flaw (cleverly referred to as KRACK Hack) allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The good news is that manufacturers are already distributing software updates to address this vulnerability in laptops, smartphones, and internet routers. However, until you know that a network is secure, take the necessary precautions when using your connected devices.
- Use a wired ethernet connection on your network
- Avoid connecting to public Wi-Fi networks, if possible
- Avoid visiting sites where sensitive information is stored when connected to a public Wi-Fi network
- Look for an indication that the website you are visiting has https encryption
- Use a personal VPN when using a Wi-Fi connection you don’t own, manage or trust